In This Review

Today’s cyberbattles could almost make one nostalgic for the Cold War. The nuclear arms race created a sense of existential threat, but at least it was clear who had the weapons. In contrast, a cyberattack could be the work of almost anyone. After hackers broke into the U.S. Democratic National Committee’s servers in 2016 and released e-mails embarrassing to the DNC’s leadership, the Republican presidential candidate Donald Trump said the attacker could be China, Russia, or “somebody sitting on their bed that weighs 400 pounds.”

U.S. intelligence officials have said that the attack did indeed come from Russia, which Trump later acknowledged. But Trump’s comment underscored a larger problem with cyberwarfare: uncertainty. How does a government respond to an invisible attacker, especially without clear rules of engagement? How can officials convince other governments and the public that they have fingered the right suspects? How can a state prevent cyberattacks when without attribution, the logic of deterrence—if you hit me, I’ll hit you back—no longer applies? Two recent books delve into these questions. Dark Territory, by Fred Kaplan, and The Hacked World Order, by Adam Segal, lay out the history of cybersecurity in the United States and explain the dangers that future digital conflicts might pose. Both authors also make clear that although Americans and U.S. institutions increasingly feel themselves to be in the cross hairs of hackers and other cybercriminals, the United States is itself a powerful aggressor in cyberspace.

In 2014 alone, the United States suffered more than 80,000 cybersecurity breaches.

In the future, the United States must use its cyberpower judiciously. Every conflict poses the risk that one party will make a mistake or overreact, causing things to veer out of control. When it comes to cyberwar, however, the stakes are particularly high for the United States, as the country’s technological sophistication makes it uniquely vulnerable to attack.